Method for encrypting information represented as a numerical value

ABSTRACT

The invention relates to a method of encrypting and decrypting information using a public key and a secret key. The invention is characterized in that the secret key consists of two very large primary numbers while the public key consists of the product of both primary numbers and a permutation polynomial.

FIELD OF THE INVENTION

The present invention relates to a method for decrypting a first message(“c”), which is encrypted from a second message (“m”) using a public keyin the form of a very large number (“n”) containing various primenumbers and of a permutation polynomial. The encrypted message is formedfrom c=P(m) mod n and the secret key using the product of at least twoprime numbers.

BACKGROUND INFORMATION

The invention relates to a method for decrypting a message c, which isencrypted from a message m using a public key in the form of a verylarge number n containing various prime numbers and of a permutationpolynomial, the encrypted message being formed from c=P(m)mod n and thesecret key from the product of at least two prime numbers.

Such methods have been known under the name of public-key encryptionmethods since the publication of the papers by Diffie and Hellmann (W.Diffie, M. E. Hellmann, “New directions in cryptography”, IEEETransactions on Information Theory, Vol. IT-22, November 1976, pages644-654) and by Rivest, Shamir and Adleman (R. Rivest, A. Shamir and L.Adleman, “A method for obtaining digital signatures and public-keycryptosystems”, Communications of the ACM, Vol. 27, No. 2, February1978, pages 120-126, RSA methods). In contrast to conventional methods,these public-key encryption methods employ two keys, of which one key ispublic and the associated second key is secret. In order to encrypt amessage, the sender uses the publicly accessible key of the recipient,who alone is able to decrypt this encrypted message using the secret keyknown to him. This method considerably facilitates key management,because, in particular, it is no longer necessary to communicate thesecret key, hitherto required for decryption, via a secure channel tothe recipient.

Some examples of the application of public-key methods are described indetail in the publication by A. Beutelspacher “Kryptologie”[Cryptology], Vieweg-Verlag 1994.

From the literature reference VARADHARAJAN, V: “Cryptosystems based onpermutation polynomials,” INTERNATIONAL JOURNAL OF COMPUTER MATHEMATICS,1988, London (GB), Vol. 23, No. 3-4, it is known that in public keymethods permutation polynomials are used to encrypt messages. Fordecrypting, it is proposed in this literature reference to use thepolynomial that is inverse to the permutation polynomial. The known dataencryption method thus presupposes that there is an inverse function tothe permutation polynomial of the encryption, this function being inpractice easy to use for decrypting. This means that in accordance withthis related art only permutation polynomials can be used for whichthere exists an inverse function which is of the type that can be usedin calculation at all. This known method therefore has the disadvantagethat not all permutation polynomials can be used for encryptingmessages. Permutation polynomials are known which have relatively fewcoefficients, but the corresponding inverse polynomial includes amultiplicity of coefficients which in addition can possess a very highnumerical value. However, it is not possible in practice to work withinverse functions of this type, if outlays for computation are to bereasonable.

The publication DE 195 13 898 Al likewise discloses a public-key methodfor the encryption of data. Although, with this method, the security ofencryption and decryption is increased in comparison with previousmethods, ambiguities occur in the determination of zeros, which isnecessary for decryption. These ambiguities make it necessary to addknown redundant data to each data block to be encrypted, the knownredundant data making it possible to determine the correct decrypted indata.

Public-key encryption methods which use polynomials over the ring ofnumbers modulo a number n composed of at least two large prime numbersare already known from the literature. The RSA method can be regarded assuch a method. Important examples are also those methods which are basedon so-called Dickson polynomials (W. B. Müller and R. Nöbauer,“Cryptanalysis of the Dickson-Scheme”, Proc. Euro-crypt 85, LectureNotes in Computer Science, Vol. 219, 1986, p.50-61).

The object of the present invention lies in indicating a method fordecrypting an encrypted message, the method being able to work using amultiplicity of various types of permutation polynomials for which aninverse function that is easy to use does not necessarily have to exist.

The object of the present invention is achieved by a method fordecrypting an encrypted message, the method having the features of claim1.

The fact that the encrypted message c is calculated by substituting[placing] the message to be encrypted m into a permutation polynomialP(x=m)mod n, n representing the product of two very large prime numbers,makes it possible, using the secret key composed of the two large primenumbers and using the extended Euclidean algorithm, to clearly calculatemessage m in accordance with m=b·u·p+a·v·q mod n for the statements

p(x)=P(x)−c mod p, and

q(x)=P(x)−c mod q, and

for the two statements

ggT(p(x),xP−x) mod p=x−a, and

ggT(q(x),xq−x) mod q=x−b, and

for the relation u·p+v·q=1.

For decrypting the encrypted message c, the unambiguous zero point ofthe permutation polynomial P (x)−c mod n is calculated.

One of the advantages of the present invention is to be seen inparticular in the fact that it goes beyond the known publications andcreates a method for encryption and decryption which is considerablymore general and makes it possible also to employ other classes ofpolynomials.

The objective is achieved also from the features of claim 2. This methodof the present invention is marked by the fact that the number (p−1)(q−1)+1 is used as the secret key and the unambiguous zero point of thepermutation polynomial P(x)−c mod n is calculated, in that the recoveryof the message m is carried out by calculatingggT(P(x)−c,x^((p−1)(q−1))−x) mod n n=x−m. Similarly, a number designatedas an equivalent number can also be used as the secret key, which isderived from

constant·kgV((p−1),(q−1))+1.

The use of polynomials of the form r·x^(e)+s mod n and the use ofpolynomials of the form

p(X)·x ^(e) ·p ⁻¹(X) mod n

has proved particularly advantageous, p(x) and p⁻¹(x) being permutationpolynomials, and p⁻¹ (x) being the inverse polynomial to p(x) (that is,p⁻¹ (p(x))=p(p⁻¹ (x))=x mod n).

Further advantageous embodiments of the method are cited in the othersubclaims 4 through 8.

The public-key method is based on the difficult mathematical problem offactoring numbers which are the product of two large prime numbers,i.e., splitting them up into the two prime numbers. In this connection,the product of two large prime numbers is used as the public key, whilethe secret key consists of the two prime numbers.

The essence of the method according to the invention is to be seen inthe fact that, in addition to the whole number n, a permutationpolynomial over the ring Z_(n) is used as the public key. A permutationpolynomial over Z_(n) is a polynomial with coefficients and argumentsfrom the set {0,1, . . . , n−1}, whose function values include allelements of the set {0,1, . . . , n−1}. An overview of the theory ofpermutation polynomials is provided by Lidl and Niederreiter, “FiniteFields”, Encyclopedia of Mathematics Vol. 20, Cambridge UniversityPress, 1983.

Consequently, the public key according to the invention comprises apermutation polynomial P(x) and a whole number n=p·q which is theproduct of two large prime numbers p and q. The secret key then iscomposed of the two prime numbers p and q.

What is claimed is:
 1. A method for decrypting a first message (“c”)from a second message (“m”), comprising the steps of: determining apublic key which includes a permutation polynomial P(x) and a product(“n”) of a first large prime number (“p”) and a second large primenumber (“q”); forming a secret key which is composed of the first andsecond large prime numbers; encrypting the first message using thepublic key, the secret key and the following equation: c=P(m) mod n,wherein P(m)=P(x); and calculating an unambiguous zero point of thepermutation polynomial using the following equation: P(x)−c mod n,wherein the unambiguous zero point is calculated for the first largeprime number and the second large prime number to decrypt the firstmessage (“c”) using the following equations: p(x)=P(x)−c mod p, andq(x)=P(x)−c mod q, wherein the second message (“m”) is formed using thefollowing equation: m=b·u·p+a·v·q mod n, and wherein u·p+v·q=1, and aand b are values which are calculated using the following equations:ggT(p(x),x ^(p) −x) mod p=x−a, and ggT(q(x),x ^(q) −x) mod q=x−b.
 2. Themethod according to claim 1, wherein the permutation polynomial has theform of r·x^(e)+ s which is an RSA polynomial, and wherein r and s areconstant variables, and e is an exponent.
 3. The method according toclaim 1, wherein the permutation polynomial is a Chebyshev polynomialrepresented as T_(e)(x) mod n, wherein the second message (“m”) is anumerical value which is mapped to the first encrypted message (“c”)using the following equation: c=T _(e)(m) mod n, and whereinT_(e)(x)=T_(e)(m).
 4. The method according to claim 1, wherein thepermutation polynomial is a Dickson polynomial.
 5. The method accordingto claim 1, wherein the permutation polynomial is a combination of aChebyshev polynomial, a Dickson polynomial and a particular polynomialhaving the form of r·x^(e)+ s, and wherein r and s are constantvariables, and e is an exponent.
 6. The method according to claim 3,further comprising the steps of: decrypting the second message (“m”)from the first encrypted message (“c”) using the following equation: m=T_(d)(c) mod n, wherein d has a value which is calculated using thefollowing equation: d·e−1 mod k, wherein k is a smallest common multipleof the following equation: p ²−1 and q ²−1, and wherein e is an aliquantof the following equation: p ²−1 and q ²−1.
 7. The method according toclaim 5, further comprising the steps of: consecutively executing atleast one of a Chebyshev polynomial, a Dickson polynomial and ageneralized RSA polynomial to form a particular result; and storing theparticular result as a portion of the public key.
 8. A method fordecrypting a first message (“c”) from a second message (“m”), comprisingthe steps of: determining a public key which includes a permutationpolynomial P(x) and a product (“n”) of a first large prime number (“p”)and a second large prime number (“q”); forming a secret key according toone of i) a first number provided using the equation (p−1)(q−1)+1, andii) a second number provided using the equation kgV((p−1), (q−1))+1, thesecond number being substantially similar to the first number; andencrypting the first message (“c”) using the public key, the secret keyand the following equation: c=P(m) mod n, wherein P(m)=P(x); andcalculating an unambiguous zero point of the permutation polynomial todecrypt the first message (“c”) using the following equation: P(x)−c modn, wherein the second message (“m”) is retrieved from the firstencrypted message according to the following equation: ggT(P(x)−c, x^(((p−1)(q−1)+1)) −x) mod n=x−m.
 9. The method according to claim 8,wherein the permutation polynomial has the form of r·x^(e)+ s which isan RSA polynomial, and wherein r and s are constant variables, and e isan exponent.
 10. The method according to claim 8, wherein thepermutation polynomial is a Chebyshev polynomial represented as T_(e)(x)mod n, wherein the second message (“m”) is a numerical value which ismapped to the first encrypted message (“c”) using the followingequation: c=T _(e)(m) mod n, and wherein T_(e)(x)=T_(e)(m).
 11. Themethod according to claim 8, wherein the permutation polynomial is aDickson polynomial.
 12. The method according to claim 8, wherein thepermutation polynomial is a combination of a Chebyshev polynomial, aDickson polynomial and a particular polynomial having the form ofr·x^(e)+s, and wherein r and s are constant variables, and e is anexponent.
 13. The method according to claim 10, further comprising thesteps of: decrypting the second message (“m”) from the first encryptedmessage (“c”) using the equation: m=T _(d)(c) mod n, wherein d has avalue which is calculated using the equation: d·e−1 mod k, wherein k isa smallest common multiple of the equation: p ²−1 and q ²−1, and whereine is an aliquant of the equation: p ²−1 and q ²−1.
 14. The methodaccording to claim 12, further comprising the steps of: consecutivelyexecuting at least one of a Chebyshev polynomial, a Dickson polynomialand a generalized RSA polynomial to form a particular result; andstoring the particular result as a portion of the public key.